pronounscc/backend/routes/meta/meta.go
Sam 94cd4cd6d3
fix(backend): don't count deleted users + unlisted members in meta endpoint
This technically leaked the *existence* of these users and members,
but there's never been any way to enumerate users or unlisted members,
so this is unlikely to have *actually* leaked any information. Still,
for consistency's sake, this commit hides them from the user/member
count.
2023-04-17 16:33:05 +02:00


package meta
import (
"net/http"
"os"
"codeberg.org/u1f320/pronouns.cc/backend/server"
"emperror.dev/errors"
"github.com/go-chi/chi/v5"
"github.com/go-chi/render"
)
// Server embeds the shared *server.Server so that the handlers in this
// package can be declared as methods and reach its fields (such as DB)
// directly.
type Server struct {
	*server.Server
}
// Mount registers this package's routes on r. GET /meta is served by the
// meta handler after it has been adapted with server.WrapHandler.
func Mount(srv *server.Server, r chi.Router) {
	metaServer := &Server{Server: srv}
	handler := server.WrapHandler(metaServer.meta)
	r.Get("/meta", handler)
}
// MetaResponse is the JSON body returned by the /meta endpoint.
type MetaResponse struct {
	// Build information, filled from server.Repository and server.Revision.
	GitRepository string `json:"git_repository"`
	GitCommit     string `json:"git_commit"`

	// Instance totals as computed by the meta handler's COUNT(*) queries.
	Users   int64 `json:"users"`
	Members int64 `json:"members"`

	// RequireInvite reports whether REQUIRE_INVITE is set to "true".
	RequireInvite bool `json:"require_invite"`
}
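// meta handles GET /meta. It responds with the build's repository and
// revision, the user and member totals, and whether invites are required.
//
// The totals deliberately leave out users whose deleted_at is set, unlisted
// members, and members owned by such deleted users, so the counts cannot be
// used to infer that those accounts exist.
//
// It returns a wrapped error if either count query fails; otherwise it writes
// the JSON response and returns nil.
func (s *Server) meta(w http.ResponseWriter, r *http.Request) error {
	ctx := r.Context()

	var numUsers, numMembers int64

	// Count only users that have not been marked as deleted.
	err := s.DB.QueryRow(ctx, "SELECT COUNT(*) FROM users WHERE deleted_at IS NULL").Scan(&numUsers)
	if err != nil {
		return errors.Wrap(err, "querying user count")
	}

	// Count only listed members whose owning user has not been deleted.
	err = s.DB.QueryRow(ctx, "SELECT COUNT(*) FROM members WHERE unlisted = false AND user_id = ANY(SELECT id FROM users WHERE deleted_at IS NULL)").Scan(&numMembers)
	if err != nil {
		// Label the failure with the query that actually failed so logs do not
		// point at the user count.
		return errors.Wrap(err, "querying member count")
	}

	// NOTE(review): no authentication check is visible in this handler and
	// both COUNT(*) queries run on every request; confirm that rate limiting
	// or caching is applied elsewhere if this route is publicly reachable.
	render.JSON(w, r, MetaResponse{
		GitRepository: server.Repository,
		GitCommit:     server.Revision,
		Users:         numUsers,
		Members:       numMembers,
		// Any value other than the exact string "true" (including unset)
		// reports false.
		RequireInvite: os.Getenv("REQUIRE_INVITE") == "true",
	})
	return nil
}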